[Wireshark-dev] What is the data parameter of call_dissector_with_data?

2015-01-30 Thread Peter Wu
Hi,

To fix a bug, I need to pass the protocol type from a STARTTLS-like
protocol to the SSL dissector. I was about to use the unused data
field of dissect_ssl for this, but it turns out that the TCP dissector
fills in this field. That makes it entirely useless for other purposes
(such as passing parameters via call_dissector_with_data).

It seems that my best alternative is p_add_proto_data (documented in
README.dissector, section 2.5 Per-packet information).

What is actually the purpose of the data parameter? It is not
documented well AFAIK, the packet-PROTOABBREV.c does not mention it at
all for example besides marking it as unused.
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl/
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe


Re: [Wireshark-dev] What is the data parameter of call_dissector_with_data?

2015-01-30 Thread mmann78

It's the preferred way to exchange data between dissectors because you're a lot 
more sure of its scope than some of the other methods.  For most cases, you're 
just passing the data between a dissector and its subdissector (rarely does it 
go farther than that).
 
If TCP is passing its data to SSL and you have another dissector that needs to 
pass data to SSL, I recommend creating another dissector entry point for SSL 
for the STARTTLS-like dissector to call (and register it for the STARTTLS-like 
protocol to find).  The current dissector entry point and new dissector 
entry point can have a common function that they both call, taking into 
account the data passed to it.  If SSL is just ignoring the TCP data (most 
dissectors do), the common function would take a NULL parameter in that case.

I know there are current dissectors that use this functionality, I just can't 
think of any off the top of my head.
 
 
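The two-entry-point layout suggested in the reply above, as an added sketch that is not from the thread or from Wireshark's source. It is plain C with stand-in types and hypothetical function names rather than the real dissector API, and the sample bytes and the "smtp" value are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in types for this sketch; these are NOT Wireshark's definitions. */
struct tcp_info { unsigned seq, nxtseq; };        /* what the TCP layer passes as data */
struct starttls_info { const char *app_proto; };  /* hypothetical hint from a STARTTLS-like caller */
struct result { char app_proto[16]; };            /* what the shared code concluded */

/* Shared body: takes a typed hint, or NULL when the caller has nothing to pass. */
static int dissect_ssl_common(const unsigned char *buf, size_t len,
                              const struct starttls_info *hint, struct result *out)
{
    if (buf == NULL || len == 0)
        return 0;                                 /* nothing dissected */
    const char *proto = (hint && hint->app_proto) ? hint->app_proto : "unknown";
    strncpy(out->app_proto, proto, sizeof out->app_proto - 1);
    out->app_proto[sizeof out->app_proto - 1] = '\0';
    return (int)len;
}

/* Entry point reached from TCP: data points at a struct tcp_info, which is ignored here. */
int dissect_ssl_from_tcp(const unsigned char *buf, size_t len, void *data, struct result *out)
{
    (void)data;  /* casting this to starttls_info would misread TCP's struct */
    return dissect_ssl_common(buf, len, NULL, out);
}

/* Second entry point: only the STARTTLS-like dissector calls it, so the cast is sound. */
int dissect_ssl_from_starttls(const unsigned char *buf, size_t len, void *data, struct result *out)
{
    return dissect_ssl_common(buf, len, (const struct starttls_info *)data, out);
}

/* Constructed sample: the first bytes of a TLS record header. */
static const unsigned char sample[] = { 0x16, 0x03, 0x01, 0x00, 0x2f };

const char *demo(int via_starttls)
{
    static struct result r;
    struct tcp_info ti = { 1000, 1005 };
    struct starttls_info si = { "smtp" };
    if (via_starttls)
        dissect_ssl_from_starttls(sample, sizeof sample, &si, &r);
    else
        dissect_ssl_from_tcp(sample, sizeof sample, &ti, &r);
    return r.app_proto;
}
```

Because each entry point has exactly one kind of caller, the meaning of the untyped data pointer is fixed per entry point and the shared function never has to guess which struct it was handed.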